Cryptographic key: Difference between revisions
imported>Howard C. Berkowitz (Symmetrical keys, session key generation, key exchange keying) |
imported>Howard C. Berkowitz (worked some links to Cryptography; think that needs to be split into several articles) |
||
| Line 1: | Line 1: | ||
{{subpages}} | {{subpages}} | ||
A '''cryptographic key''' is a variable, which, combined with a [[ | A '''cryptographic key''' is a variable, which, combined with a [[Cryptography#Principles of cryptosystems|encryption or decryption key]], produces a desired result: [[plaintext]] if the key is used for decryption or [[ciphertext]] if the key is used for encryption. | ||
Keys exist for both [[cipher]]s and [[code]]s, although the key for a code is a large codebook, with one or more symbols for each concept that can be encoded. | Keys exist for both [[cipher]]s and [[code]]s, although the key for a code is a large codebook, with one or more symbols for each concept that can be encoded. | ||
| Line 15: | Line 15: | ||
==Asymmetrical cryptosystems== | ==Asymmetrical cryptosystems== | ||
Asymmetrical cryptosystems operate around pairs of different keys with a complex mathematical relationship between them. Depending on the application, one is public, at least within a certain group of users, and one is private, to be held secret. | [[Asymmetrical cryptosystems operate around pairs of different keys with a complex mathematical relationship between them. Depending on the application, one is public, at least within a certain group of users, and one is private, to be held secret. | ||
When the purpose of the cryptosystem is to ensure [[content confidentiality]], the public key is used as the [[encryption key]], while the private key is used for decryption. Only an authorized user in possession of the decryption key can access the plaintext protected by the cryptosystem. For bilateral communications, there must be a key pair for each direction of communication. | When the purpose of the cryptosystem is to ensure the contents of the message cannot be read by an unauthorized person (i.e.,[[content confidentiality]]), the public key is used as the [[encryption key]], while the private key is used for decryption. Only an authorized user in possession of the decryption key can access the plaintext protected by the cryptosystem. For bilateral communications, there must be a key pair for each direction of communication. | ||
If the cryptosystem is being used for [[authentication]], a private key is used to encrypt a well-known signature or other credential of the sender. Any receiver can use the public key to decrypt the authentication message; the fact that it can be decrypted with a verified public key validates the sender's identity. | If the cryptosystem is being used for [[authentication]], a private key is used to encrypt a well-known signature or other credential of the sender. Any receiver can use the public key to decrypt the authentication message; the fact that it can be decrypted with a verified public key validates the sender's identity. | ||
Revision as of 09:30, 8 August 2008
A cryptographic key is a variable, which, combined with a encryption or decryption key, produces a desired result: plaintext if the key is used for decryption or ciphertext if the key is used for encryption.
Keys exist for both ciphers and codes, although the key for a code is a large codebook, with one or more symbols for each concept that can be encoded.
Encryption key
An encryption key, which is the same as the decryption key in a symmetrical cryptosystem, but different if the cryptosystem is asymmetrical, is used to transform plaintext to ciphertext.
Decryption key
A decryption key, which is the same as the recryption key in a symmetrical cryptosystem, but different if the cryptosystem is asymmetrical, is used to transform ciphertext to plaintext.
Symmetrical cryptosystems
In a symmetrical cryptosystem, the same key is used for encryption and decryption. As a result, it must be protected and often is called a secret key. Symmetrical cryptosystems are usually faster, and need a key that they can process efficiently.
Modern encryption systems may use a more convenient and secure asymmetric cryptosystem to transfer session-generating keys, which are used to generate symmetrical keys used for a short period of time or a certain number of units of plaintext. The session-generating keys will themselves be encrypted, with a symmetric or asymmetric key exchange key (KEK).
Asymmetrical cryptosystems
[[Asymmetrical cryptosystems operate around pairs of different keys with a complex mathematical relationship between them. Depending on the application, one is public, at least within a certain group of users, and one is private, to be held secret.
When the purpose of the cryptosystem is to ensure the contents of the message cannot be read by an unauthorized person (i.e.,content confidentiality), the public key is used as the encryption key, while the private key is used for decryption. Only an authorized user in possession of the decryption key can access the plaintext protected by the cryptosystem. For bilateral communications, there must be a key pair for each direction of communication.
If the cryptosystem is being used for authentication, a private key is used to encrypt a well-known signature or other credential of the sender. Any receiver can use the public key to decrypt the authentication message; the fact that it can be decrypted with a verified public key validates the sender's identity.